All Vendors
personalization

Unbounce

Unbounce is a landing page builder and conversion optimization vendor that enables deployment of tracking pixels, advertising platform integrations, and behavioral analytics across customer landing pages with built-in visitor data collection.

36 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Unbounce discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Awaiting scanner verification

Observed Behavior

Runtime cookie behavior and third-party script execution not yet observed by BLACKOUT scanner

Customer Impact

What This Means For You

Organizations using Unbounce should recognize that the platform serves as both a landing page host and a data distribution hub. All form submissions, visitor behavioral data, and conversion events flow through Unbounce's infrastructure before reaching downstream systems. This creates a single point of failure for lead capture and a concentration of sensitive prospect data. The Script Manager's ability to deploy advertising pixels across all pages means a single misconfiguration can expose visitor data across the entire landing page portfolio. Compliance teams must audit the full chain of data flows from Unbounce through Zapier integrations to final CRM destinations, as each hop introduces additional data processing relationships that require disclosure and consent management.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Unbounce

  • - Audit all third-party scripts deployed via Script Manager and verify each is disclosed in your privacy policy and covered by visitor consent. - Review Zapier integration data flows to ensure lead data is not being shared with platforms beyond your documented processing relationships. - Confirm the cookie banner is properly configured to gate external tracker execution on consent rather than relying on default behavior. - Assess Smart Traffic AI implications for attribution accuracy and ensure downstream analytics account for AI-driven variant selection. - Verify IP address logging practices align with your privacy policy disclosures, particularly for EU visitors under GDPR.

Negotiation Leverage

  • When negotiating with Unbounce, request clarity on data retention policies for visitor IP addresses, behavioral data, and form submission records. Ask what happens to visitor data collected via Unbounce's own analytics versus data processed through third-party scripts deployed via Script Manager. Key contractual protections should include data portability guarantees for all lead data, restrictions on Unbounce's use of aggregated visitor data for product improvement or benchmarking, and clear SLAs on data deletion upon account termination. For EU-focused operations, confirm that Unbounce's claim of EU data residency for lead data extends to all data types including IP logs and behavioral analytics, not just form submissions.
IOC Manifest

IOC Manifest

36 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*unbounce.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*unbounce.com/wp-content/plugins/perfmatters/js/lazyload.js*
Tracking script
TRACK
unbounce.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
unbounce.com/wp-content/plugins/perfmatters/js/lazyload.min.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Unbounce connects to a broad ecosystem of advertising, analytics, and CRM platforms. Direct integrations include Google Ads conversion tracking, Meta Pixel for Facebook campaign measurement, and Google Analytics for traffic analysis. The platform supports over 60 tool integrations via Zapier, enabling automated data flows between landing pages and CRM systems, email marketing platforms, and marketing automation tools. Script Manager provides centralized deployment of any third-party JavaScript across all landing pages, and external conversion tracking capabilities allow conversion data to flow back to advertising platforms. AnyTrack integration enables server-side conversion data transmission to Facebook CAPI and Google Ads, bypassing browser-level tracking restrictions.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

36 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details